00:05
Guanin has quit [Remote host closed the connection]
00:29
rsa has quit [Ping timeout: 248 seconds]
00:47
drakonis_ has quit [Ping timeout: 244 seconds]
00:47
rsa has joined #nixos-dev
01:28
johnny101m has joined #nixos-dev
01:31
jtojnar has quit [Read error: Connection reset by peer]
01:33
jtojnar has joined #nixos-dev
01:33
jtojnar has quit [Read error: Connection reset by peer]
03:04
orivej has quit [Ping timeout: 246 seconds]
03:22
NinjaTrappeur has quit [Ping timeout: 264 seconds]
03:25
NinjaTrappeur has joined #nixos-dev
03:42
drakonis has joined #nixos-dev
04:59
drakonis has quit [Quit: WeeChat 2.5]
06:00
orivej has joined #nixos-dev
06:35
rsa has quit [Ping timeout: 258 seconds]
07:39
pie_ has quit [Ping timeout: 252 seconds]
07:50
<
domenkozar[m] >
has anyone managed to get newer Nix + darwin working on travis?
08:56
orivej has quit [Ping timeout: 246 seconds]
09:29
ixxie has joined #nixos-dev
09:34
pie_ has joined #nixos-dev
09:57
orivej has joined #nixos-dev
10:16
<
zimbatm >
worldofpeace: are you really talking about yourself in the third person :p
10:17
<
zimbatm >
I would have to kick somebody out, we only have a limited number of admins available on the free instance
11:01
<
averell >
make a script to rotate by available timezones ;)
11:02
<
tilpner >
D: averell--
11:41
johnny101m2 has joined #nixos-dev
11:41
johnny101m has quit [Read error: Connection reset by peer]
11:44
johnny101m has joined #nixos-dev
11:46
johnny101m2 has quit [Ping timeout: 250 seconds]
11:50
<
tilpner >
das_j, ajs124: Did you give it a try?
12:13
marek has quit [Ping timeout: 272 seconds]
12:50
marek has joined #nixos-dev
12:59
<
tilpner >
IFD-less AA profiles
13:10
<
tilpner >
Now I can try to generate and enforce a few profiles, and improve that wrapper
13:11
<
gchristensen >
I was dreaming last night about systemd services only having access to the program's closure by default
13:12
<
tilpner >
That sounds familiar
13:12
<
tilpner >
Don't we already have that?
13:12
<
gchristensen >
not that I know of :)
13:13
<
tilpner >
systemd.services.<name>.confinement.fullUnit
13:13
<
tilpner >
Not fullUnit specifically, the whole confinement attrset
13:13
<
tilpner >
systemd.services.<name>.confinement.enable
13:13
<
tilpner >
If set, all the required runtime store paths for this service are bind-mounted into a tmpfs-based chroot(2).
13:14
<
gchristensen >
hot dog
13:14
<
gchristensen >
I love this
13:16
<
gchristensen >
aszlig. of course it is aszlig!
13:16
<
{^_^} >
aszlig's karma got increased to -666
13:18
<
tilpner >
gchristensen: Now you just have to default confinement.enable = true and tell us if it still boots :)
13:19
<
gchristensen >
sure
13:19
<
gchristensen >
and probably enable fullUnit by default
13:20
<
tilpner >
Yeah. I still wouldn't expect that to work as a default
13:20
<
gchristensen >
I will try it
13:20
<
tilpner >
But it might still be feasible to enable confinement for more services by default
13:40
orivej has quit [Ping timeout: 248 seconds]
14:05
__monty__ has joined #nixos-dev
14:11
<
worldofpeace >
zimbatm: I frequently talk about myself in third person :D I call it the observer self
14:30
marek has joined #nixos-dev
14:30
marek has quit [Changing host]
14:34
<
samueldr >
oh, I thought
14:39
<
{^_^} >
#64054 (by ivan, 6 weeks ago, open): snscrape: 0.2.0 -> 0.3.0
14:46
<
gchristensen >
"by: package maintainer" can't disagree :)
14:51
<
worldofpeace >
sounds about right samueldr
14:55
<
{^_^} >
#63539 (by ivan, 8 weeks ago, open): usbguard-nox: init at 0.7.4
14:55
<
ivan >
I tested it, maintainer untested but ok'ed
14:58
<
{^_^} >
#52828 (by ivan, 33 weeks ago, open): pyflame: fix the build on machines with kernel.yama.ptrace_scope > 0
15:10
orivej has joined #nixos-dev
15:13
johnny101m has quit [Remote host closed the connection]
15:22
orivej has quit [Ping timeout: 245 seconds]
15:26
orivej has joined #nixos-dev
16:46
ixxie has quit [Ping timeout: 246 seconds]
16:48
orivej has quit [Ping timeout: 248 seconds]
17:42
ixxie has joined #nixos-dev
18:16
Jackneill has quit [Remote host closed the connection]
18:34
Guanin has joined #nixos-dev
19:01
<
ajs124 >
tilpner: nice! We're both kind of away from computers. I looked at your initial implementation and hacked around on my own, but I'll definitely look at the IFD-less version as soon as I have time and a computer.
19:33
psyanticy has joined #nixos-dev
19:34
ryantm has quit [Ping timeout: 244 seconds]
19:47
<
samueldr >
the main idea being that we would pre-empt the need to add more release artifacts
19:48
<
samueldr >
not even caring about plasma5, but (as stated in a previous comment) the aarch64 images would be a contender for a release
19:48
<
samueldr >
(there's the sd_image, and the iso images, both cannot be combined in a useful manner AFAIK)
19:49
<
samueldr >
[from #nixos-officehours ...] we can shed a bunch of bytes by removing the compiler closure
19:49
stew has joined #nixos-dev
19:49
<
samueldr >
which might be needed in the future for sd_image since sd_image is not squashfs'd
19:49
<
gchristensen >
stew: as in s2w?
19:50
<
samueldr >
though sd_image could likely be squashfs'd in some roundabout way
19:50
<
stew >
gchristensen: yes, hi there ;)
19:53
<
averell >
regarding jigdo, how about a build your own iso wizard (maybe with a script result, not the actual image)? of course testing becomes impossible, but as an extra link, that would be pretty cool.
19:53
<
averell >
of course it's a lot of setup work, maybe.
20:09
pie_ has quit [Ping timeout: 252 seconds]
20:24
orivej has joined #nixos-dev
20:25
<
samueldr >
for the isos not to block the channel advances, they'd need to be removed from the tested set
21:21
orivej has quit [Ping timeout: 246 seconds]
21:31
ixxie has quit [Ping timeout: 248 seconds]
21:46
__monty__ has quit [Quit: leaving]
21:53
psyanticy has quit [Quit: Connection closed for inactivity]
23:04
tazjin has joined #nixos-dev